
Removing F-Secure antivirus



You can download the F-Secure Removal Tool here. If that does not clean things up completely, please do the following:

1. Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only work in safe mode, you need to download the executable.

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You will then find the logs in that folder as well.


2. Click the shortcut to start HijackThis. (Read the red text below first!)

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens. Hold down the CTRL and A keys at the same time; everything is now selected. Hold down the CTRL and C keys at the same time; everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (See the image here ---> Attachment 12634)

If you want to see in words and pictures how to create a log with HijackThis and post it on the forum, click HERE


@michel, no, not yet.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:09:07, on 21-12-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: # Copyright © 1993-2009 Microsoft Corp.

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/3285/defaults/activex/ips/IPSUploader4.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://asp.photoprintit.de/microsite/8/defaults/activex/XUpload.ocx

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - D:\andere\sandboxie\SbieSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10715 bytes


PC Veilig is still listed under Program Files, with everything in it.

I don't know whether any of its processes are still running.

Here is a tasklist; maybe you can find it in there:

Imagenaam Proces-i Sessienaam Sessienr. Geheugengebr

========================= ======== ================ =========== ============

System Idle Process 0 Services 0 24 kB

System 4 Services 0 1.892 kB

smss.exe 312 Services 0 1.180 kB

csrss.exe 448 Services 0 5.120 kB

wininit.exe 516 Services 0 5.360 kB

csrss.exe 532 Console 1 18.588 kB

services.exe 568 Services 0 11.304 kB

lsass.exe 584 Services 0 14.212 kB

lsm.exe 592 Services 0 5.144 kB

winlogon.exe 648 Console 1 8.012 kB

svchost.exe 740 Services 0 10.352 kB

svchost.exe 836 Services 0 9.272 kB

atiesrxx.exe 884 Services 0 4.948 kB

svchost.exe 964 Services 0 23.808 kB

svchost.exe 1008 Services 0 180.328 kB

svchost.exe 240 Services 0 37.472 kB

svchost.exe 1032 Services 0 16.744 kB

atieclxx.exe 1096 Console 1 7.316 kB

SbieSvc.exe 1112 Services 0 4.596 kB

Pen_TouchService.exe 1240 Services 0 5.664 kB

wisptis.exe 1252 Console 1 9.260 kB

svchost.exe 1500 Services 0 16.352 kB

wisptis.exe 1656 Console 1 12.436 kB

TabTip.exe 1668 Console 1 15.668 kB

AvastSvc.exe 1732 Services 0 49.580 kB

TabTip32.exe 1764 Console 1 3.344 kB

dwm.exe 1816 Console 1 7.608 kB

explorer.exe 1864 Console 1 76.396 kB

Pen_TouchUser.exe 1884 Console 1 12.100 kB

RAVCpl64.exe 624 Console 1 14.508 kB

spoolsv.exe 2180 Services 0 12.760 kB

taskhost.exe 2196 Console 1 10.040 kB

svchost.exe 2272 Services 0 21.732 kB

svchost.exe 2300 Services 0 19.552 kB

PhotoshopElementsFileAgen 2416 Services 0 992 kB

FsUsbExService.Exe 2636 Services 0 5.548 kB

LSSrvc.exe 2688 Services 0 4.720 kB

RichVideo.exe 2744 Services 0 4.708 kB

svchost.exe 2792 Services 0 6.412 kB

Pen_Tablet.exe 2844 Services 0 6.744 kB

WLIDSVC.EXE 2908 Services 0 16.400 kB

Pen_TabletUser.exe 3000 Console 1 6.868 kB

AvastUI.exe 3044 Console 1 4.668 kB

MOM.exe 2460 Console 1 6.764 kB

Pen_Tablet.exe 2596 Console 1 20.232 kB

SearchIndexer.exe 3100 Services 0 24.324 kB

WLIDSVCM.EXE 3352 Services 0 4.040 kB

CCC.exe 3536 Console 1 24.164 kB

svchost.exe 3704 Services 0 6.416 kB

wmpnetwk.exe 3756 Services 0 12.876 kB

svchost.exe 2496 Services 0 12.632 kB

PresentationFontCache.exe 4900 Services 0 18.544 kB

svchost.exe 3052 Services 0 29.568 kB

InputPersonalization.exe 3272 Console 1 528 kB

svchost.exe 4480 Services 0 4.780 kB

taskhost.exe 4756 Services 0 3.840 kB

audiodg.exe 4984 Services 0 18.264 kB

Setup.exe 1576 Console 1 6.460 kB

is-12IQ7.tmp 4380 Console 1 45.408 kB

firefox.exe 1420 Console 1 133.456 kB

msnmsgr.exe 4780 Console 1 121.512 kB

wlcomm.exe 2592 Console 1 24.372 kB

plugin-container.exe 1648 Console 1 16.432 kB

cmd.exe 3132 Console 1 3.456 kB

conhost.exe 3780 Console 1 7.348 kB

tasklist.exe 3664 Console 1 6.604 kB

WmiPrvSE.exe 1640 Services 0 7.248 kB


And have you already uninstalled it via Software?

If so, please do the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT!!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note!!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-12-21.02 - Loch 21-12-2011 19:26:06.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.2633 [GMT 1:00]

Gestart vanuit: c:\users\Loch\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: F-Secure Anti-Virus 9.20.15437 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: PC Veilig 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: F-Secure Anti-Virus 9.20.15437 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\users\Loch\AppData\Local\assembly\tmp

c:\users\Loch\AppData\Roaming\Adobe\plugs

c:\users\Loch\AppData\Roaming\Adobe\shed

c:\users\Loch\AppData\Roaming\EurekaLog

c:\users\Loch\AppData\Roaming\EurekaLog\KPN_Assistent\KPN_Assistent_LOCH-PC.elf

c:\windows\system32\java.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-21 to 2011-12-21 ))))))))))))))))))))))))))))))

.

.

2011-12-21 18:34 . 2011-12-21 18:34 -------- d-----w- c:\users\Machiel\AppData\Local\temp

2011-12-21 18:34 . 2011-12-21 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-21 18:07 . 1998-07-17 12:36 140800 ----a-w- c:\windows\SysWow64\tm20dec.ax

2011-12-21 18:07 . 1997-12-17 17:33 304128 ----a-w- c:\windows\IsUninst.exe

2011-12-21 18:03 . 2011-12-21 18:03 -------- d-----w- c:\users\Loch\AppData\Roaming\Apple Computer

2011-12-21 18:03 . 2011-12-21 18:03 -------- d-----w- c:\users\Loch\AppData\Local\Apple Computer

2011-12-21 18:03 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-21 18:03 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-12-21 18:03 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-12-21 18:03 . 2011-12-21 18:03 -------- d-----w- c:\program files\iPod

2011-12-21 18:02 . 2011-12-21 18:03 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-12-21 18:02 . 2011-12-21 18:03 -------- d-----w- c:\program files\iTunes

2011-12-21 18:02 . 2011-12-21 18:03 -------- d-----w- c:\program files (x86)\iTunes

2011-12-21 18:02 . 2011-12-21 18:02 -------- d-----w- c:\programdata\Apple Computer

2011-12-21 18:02 . 2011-12-21 18:02 -------- d-----w- c:\users\Loch\AppData\Local\Apple

2011-12-21 18:02 . 2011-12-21 18:02 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\program files\Common Files\Apple

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\program files (x86)\Bonjour

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\program files\Bonjour

2011-12-21 18:01 . 2011-12-21 18:02 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\programdata\Apple

2011-12-20 18:42 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-20 18:42 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-20 18:42 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-20 18:42 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-20 18:42 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-20 18:42 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-20 18:42 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-20 18:41 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-20 18:35 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-20 18:35 . 2011-12-20 18:35 -------- d-----w- c:\programdata\AVAST Software

2011-12-20 18:35 . 2011-12-20 18:35 -------- d-----w- c:\program files\AVAST Software

2011-12-20 15:32 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ssm_whnt.sys

2011-12-20 15:32 . 2010-04-27 02:25 136192 ----a-w- c:\windows\system32\drivers\ssm_bus.sys

2011-12-20 15:13 . 2011-12-07 16:14 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A12E338A-8550-45F3-B05D-0188923AC22E}\mpengine.dll

2011-12-19 15:56 . 2011-12-19 15:56 -------- d-----w- c:\users\Loch\AppData\Local\{D25D1306-D270-4315-9E73-99864914DC21}

2011-12-15 14:34 . 2011-12-20 16:41 -------- d-----w- c:\users\Machiel\AppData\Local\Windows Live

2011-12-15 14:34 . 2011-12-15 15:00 -------- d-----w- c:\users\Machiel\AppData\Roaming\Windows Live Writer

2011-12-15 14:34 . 2011-12-15 14:34 -------- d-----w- c:\users\Machiel\AppData\Local\Windows Live Writer

2011-12-15 14:22 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 14:22 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 14:22 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 14:22 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 14:22 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 14:22 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-15 13:53 . 2011-12-15 13:53 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-12-13 16:56 . 2010-07-04 18:07 238952 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe

2011-12-13 16:56 . 2010-06-14 08:32 36608 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys

2011-12-13 16:56 . 2010-06-14 08:32 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll

2011-12-13 16:29 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ssm_wh.sys

2011-12-13 16:29 . 2010-04-27 02:25 15360 ----a-w- c:\windows\system32\drivers\ssm_cm.sys

2011-12-13 16:26 . 2011-12-13 16:26 -------- d-----w- c:\program files (x86)\MarkAny

2011-12-13 16:12 . 2011-12-13 16:12 -------- d-----w- c:\program files\SAMSUNG

2011-12-13 15:47 . 2011-12-13 15:47 -------- d-----w- c:\programdata\Samsung

2011-12-13 15:46 . 2010-07-04 18:11 25960 ----a-w- c:\windows\SysWow64\FsExService64.Exe

2011-12-13 15:46 . 2010-06-14 08:32 16448 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys

2011-12-13 15:46 . 2010-07-04 18:11 25960 ----a-w- c:\windows\system32\FsExService64.exe

2011-12-13 15:46 . 2010-06-14 08:32 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys

2011-12-13 15:44 . 2011-12-13 15:44 -------- d-----w- c:\users\Loch\AppData\Roaming\Samsung

2011-12-13 15:42 . 2011-12-13 15:48 -------- d-----w- c:\program files (x86)\Samsung

2011-12-12 15:38 . 2011-12-12 15:38 -------- d-----w- c:\program files (x86)\HD Tune

2011-12-08 17:50 . 2011-12-08 17:50 -------- d-----w- c:\program files\Speccy

2011-12-06 18:13 . 2011-12-06 18:13 0 ---ha-w- c:\users\Loch\AppData\Local\BIT59D2.tmp

2011-11-30 20:05 . 2011-11-30 20:05 -------- d-----w- c:\users\Loch\AppData\Roaming\Superfoto Editor 2011

2011-11-30 20:01 . 2011-11-30 20:01 -------- d-----w- c:\program files (x86)\Reviversoft

2011-11-30 20:01 . 2011-08-09 16:26 18760 ----a-w- c:\windows\system32\roboot64.exe

2011-11-30 19:59 . 2011-11-30 20:00 -------- d-----w- c:\program files (x86)\Superfoto Editor 2011

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 18:40 . 2011-12-21 18:40 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A12E338A-8550-45F3-B05D-0188923AC22E}\offreg.dll

2011-12-07 16:14 . 2010-05-10 12:17 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-11-20 11:04 . 2011-11-20 11:04 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-11-20 11:04 . 2011-11-20 11:04 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-16 16:29 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-15 20:29 . 2011-11-15 20:29 388096 ----a-r- c:\users\Loch\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-25 12:18 . 2011-11-07 19:23 2701696 ----a-w- c:\programdata\UpdateKPNAssistent.exe

2011-10-14 11:27 . 2011-06-04 08:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 03:06 . 2010-05-16 15:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-29 16:29 . 2011-11-08 20:03 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]

R3 cpuz135;cpuz135;c:\users\Loch\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

R3 dump_wmimmc;dump_wmimmc;d:\prius\gPotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2010-06-14 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 speccy;speccy;c:\users\Loch\AppData\Local\Temp\5fbf5539-4691-46d1-9058-4d9218b80230 [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va002;X6va002;c:\users\Loch\AppData\Local\Temp\002E7B2.tmp [x]

R3 X6va003;X6va003;c:\users\Loch\AppData\Local\Temp\003B61A.tmp [x]

R3 X6va005;X6va005;c:\users\Loch\AppData\Local\Temp\00567D6.tmp [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 18:24]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 18:24]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470778596-1899047671-4230289399-1000Core.job

- c:\users\Loch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 11:34]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470778596-1899047671-4230289399-1000UA.job

- c:\users\Loch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 11:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Add animation to IncrediMail Style Box - c:\program files (x86)\IncrediMail\bin\resources\WebMenuImg.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download alles met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Download selectie met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

TCP: DhcpNameServer = 192.168.23.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Loch\AppData\Roaming\Mozilla\Firefox\Profiles\05bp2mxe.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=6PPRtFKFRo&search=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKLM-Run-NPSStartup - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\speccy]

"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\5fbf5539-4691-46d1-9058-4d9218b80230"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]

"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\002E7B2.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\003B61A.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\00567D6.tmp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\FsUsbExService.Exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-21 19:43:20 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-21 18:43

.

Pre-Run: 113.049.149.440 bytes beschikbaar

Post-Run: 113.108.963.328 bytes beschikbaar

.

- - End Of File - - 664F790677633A52CB784C73B7829AEB


Open a Notepad file.

Copy the bold text below and paste it into that file.

File::

c:\users\Loch\AppData\Local\BIT59D2.tmp

c:\users\Loch\AppData\Local\Temp\002E7B2.tmp

c:\users\Loch\AppData\Local\Temp\003B61A.tmp

c:\users\Loch\AppData\Local\Temp\00567D6.tmp

Folder::

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

c:\users\Loch\AppData\Local\{D25D1306-D270-4315-9E73-99864914DC21}

Driver::

X6va002

X6va003

X6va005

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]

[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

And one more question: are F-Secure and PC Veilig in these locations?

C:\Program Files (x86)\F-Secure

C:\Program Files (x86)\PC Veilig

... or possibly under a slightly different name? If so, please mention it in your next message.
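A way to cross-check a CFScript like the one above against the log it was written from, as an added example that is not part of the original post or of ComboFix: it lists the services whose ImagePath points into a user Temp folder and reports which of them the script's Driver:: and File:: sections name. Treating a Temp-folder ImagePath as worth review is an assumption of this example (the post does not state its selection criteria), and all function names are hypothetical.

```python
import re

# Constructed sample: registry entries copied from the first ComboFix log on this page.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\speccy]
"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\5fbf5539-4691-46d1-9058-4d9218b80230"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\002E7B2.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\003B61A.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\00567D6.tmp"
'''

# Constructed sample: the File:: and Driver:: sections of the CFScript in the post.
SAMPLE_CFSCRIPT = r'''
File::
c:\users\Loch\AppData\Local\BIT59D2.tmp
c:\users\Loch\AppData\Local\Temp\002E7B2.tmp
c:\users\Loch\AppData\Local\Temp\003B61A.tmp
c:\users\Loch\AppData\Local\Temp\00567D6.tmp
Driver::
X6va002
X6va003
X6va005
'''

SERVICE_KEY = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\system\\[^\\\]]+\\services\\([^\\\]]+)\]$', re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$', re.I)
USER_TEMP = re.compile(r'\\appdata\\local\\temp\\', re.I)  # assumed review criterion

def parse_service_imagepaths(log_text):
    """Map service name -> ImagePath for each services key shown in the log."""
    services, current = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        key = SERVICE_KEY.match(line)
        value = IMAGE_PATH.match(line)
        if key:
            current = key.group(1)
        elif line.startswith('[') or line == '.':
            current = None  # another registry key or a block separator
        elif value and current:
            path = value.group(1)
            # Drop the NT object-namespace prefix so paths compare with File:: lines.
            services[current] = path[4:] if path.startswith('\\??\\') else path
    return services

def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections, keeping entries in order."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith('::'):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def coverage(log_text, cfscript_text):
    """For each Temp-hosted service, say whether the script names it and its file."""
    script = parse_cfscript(cfscript_text)
    drivers = {d.lower() for d in script.get('Driver', [])}
    files = {f.lower() for f in script.get('File', [])}
    report = {}
    for name, path in parse_service_imagepaths(log_text).items():
        if USER_TEMP.search(path):
            report[name] = {'image_path': path,
                            'driver_listed': name.lower() in drivers,
                            'file_listed': path.lower() in files}
    return report

if __name__ == '__main__':
    for name, info in coverage(SAMPLE_LOG, SAMPLE_CFSCRIPT).items():
        print(name, info)
```

On the sample, the three X6va services are named in both sections, while the speccy entry matches the Temp criterion but is not named by the script, so it is left for manual review.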


PC Veilig is in C:\Program Files (x86)\Pc Veilig

and this is what the folder looks like, maybe it is of some use to you.

post-28960-1417704692,4133_thumb.jpg

ComboFix 11-12-21.02 - Loch 21-12-2011 20:09:19.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.2765 [GMT 1:00]

Gestart vanuit: c:\users\Loch\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Loch\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: F-Secure Anti-Virus 9.20.15437 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: PC Veilig 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: F-Secure Anti-Virus 9.20.15437 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Loch\AppData\Local\BIT59D2.tmp"

"c:\users\Loch\AppData\Local\Temp\002E7B2.tmp"

"c:\users\Loch\AppData\Local\Temp\003B61A.tmp"

"c:\users\Loch\AppData\Local\Temp\00567D6.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxAPI.dll

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxInstallLog.txt

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\GEARAspiWDM.inf

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\gearaspiwdmx64.cat

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi.dll

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi64.dll

c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspiWDM.sys

c:\users\Loch\AppData\Local\{D25D1306-D270-4315-9E73-99864914DC21}

c:\users\Loch\AppData\Local\{D25D1306-D270-4315-9E73-99864914DC21}\wls1.tmp

c:\users\Loch\AppData\Local\BIT59D2.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_X6VA002

-------\Legacy_X6VA003

-------\Legacy_X6VA005

-------\Service_X6va002

-------\Service_X6va003

-------\Service_X6va005

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-11-21 to 2011-12-21 ))))))))))))))))))))))))))))))

.

.

2011-12-21 19:28 . 2011-12-21 19:28 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A12E338A-8550-45F3-B05D-0188923AC22E}\offreg.dll

2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\users\Machiel\AppData\Local\temp

2011-12-21 19:23 . 2011-12-21 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-21 18:07 . 1998-07-17 12:36 140800 ----a-w- c:\windows\SysWow64\tm20dec.ax

2011-12-21 18:07 . 1997-12-17 17:33 304128 ----a-w- c:\windows\IsUninst.exe

2011-12-21 18:03 . 2011-12-21 18:46 -------- d-----w- c:\users\Loch\AppData\Roaming\Apple Computer

2011-12-21 18:03 . 2011-12-21 18:03 -------- d-----w- c:\users\Loch\AppData\Local\Apple Computer

2011-12-21 18:03 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-21 18:03 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-12-21 18:03 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-12-21 18:03 . 2011-12-21 18:03 -------- d-----w- c:\program files\iPod

2011-12-21 18:02 . 2011-12-21 18:03 -------- d-----w- c:\program files\iTunes

2011-12-21 18:02 . 2011-12-21 18:03 -------- d-----w- c:\program files (x86)\iTunes

2011-12-21 18:02 . 2011-12-21 18:02 -------- d-----w- c:\programdata\Apple Computer

2011-12-21 18:02 . 2011-12-21 18:02 -------- d-----w- c:\users\Loch\AppData\Local\Apple

2011-12-21 18:02 . 2011-12-21 18:02 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\program files\Common Files\Apple

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\program files (x86)\Bonjour

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\program files\Bonjour

2011-12-21 18:01 . 2011-12-21 18:02 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-12-21 18:01 . 2011-12-21 18:01 -------- d-----w- c:\programdata\Apple

2011-12-20 18:42 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-20 18:42 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-20 18:42 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-20 18:42 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-20 18:42 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-20 18:42 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-20 18:42 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-20 18:41 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-20 18:35 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-20 18:35 . 2011-12-20 18:35 -------- d-----w- c:\programdata\AVAST Software

2011-12-20 18:35 . 2011-12-20 18:35 -------- d-----w- c:\program files\AVAST Software

2011-12-20 15:32 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ssm_whnt.sys

2011-12-20 15:32 . 2010-04-27 02:25 136192 ----a-w- c:\windows\system32\drivers\ssm_bus.sys

2011-12-20 15:13 . 2011-12-07 16:14 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A12E338A-8550-45F3-B05D-0188923AC22E}\mpengine.dll

2011-12-15 14:34 . 2011-12-20 16:41 -------- d-----w- c:\users\Machiel\AppData\Local\Windows Live

2011-12-15 14:34 . 2011-12-15 15:00 -------- d-----w- c:\users\Machiel\AppData\Roaming\Windows Live Writer

2011-12-15 14:34 . 2011-12-15 14:34 -------- d-----w- c:\users\Machiel\AppData\Local\Windows Live Writer

2011-12-15 14:22 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 14:22 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 14:22 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 14:22 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 14:22 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 14:22 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-15 13:53 . 2011-12-15 13:53 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-12-13 16:56 . 2010-07-04 18:07 238952 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe

2011-12-13 16:56 . 2010-06-14 08:32 36608 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys

2011-12-13 16:56 . 2010-06-14 08:32 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll

2011-12-13 16:29 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ssm_wh.sys

2011-12-13 16:29 . 2010-04-27 02:25 15360 ----a-w- c:\windows\system32\drivers\ssm_cm.sys

2011-12-13 16:26 . 2011-12-13 16:26 -------- d-----w- c:\program files (x86)\MarkAny

2011-12-13 16:12 . 2011-12-13 16:12 -------- d-----w- c:\program files\SAMSUNG

2011-12-13 15:47 . 2011-12-13 15:47 -------- d-----w- c:\programdata\Samsung

2011-12-13 15:46 . 2010-07-04 18:11 25960 ----a-w- c:\windows\SysWow64\FsExService64.Exe

2011-12-13 15:46 . 2010-06-14 08:32 16448 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys

2011-12-13 15:46 . 2010-07-04 18:11 25960 ----a-w- c:\windows\system32\FsExService64.exe

2011-12-13 15:46 . 2010-06-14 08:32 16448 ----a-w- c:\windows\system32\drivers\TFsExDisk.sys

2011-12-13 15:44 . 2011-12-13 15:44 -------- d-----w- c:\users\Loch\AppData\Roaming\Samsung

2011-12-13 15:42 . 2011-12-13 15:48 -------- d-----w- c:\program files (x86)\Samsung

2011-12-12 15:38 . 2011-12-12 15:38 -------- d-----w- c:\program files (x86)\HD Tune

2011-12-08 17:50 . 2011-12-08 17:50 -------- d-----w- c:\program files\Speccy

2011-11-30 20:05 . 2011-11-30 20:05 -------- d-----w- c:\users\Loch\AppData\Roaming\Superfoto Editor 2011

2011-11-30 20:01 . 2011-11-30 20:01 -------- d-----w- c:\program files (x86)\Reviversoft

2011-11-30 20:01 . 2011-08-09 16:26 18760 ----a-w- c:\windows\system32\roboot64.exe

2011-11-30 19:59 . 2011-11-30 20:00 -------- d-----w- c:\program files (x86)\Superfoto Editor 2011

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-07 16:14 . 2010-05-10 12:17 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-11-20 11:04 . 2011-11-20 11:04 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-11-20 11:04 . 2011-11-20 11:04 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-16 16:29 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-15 20:29 . 2011-11-15 20:29 388096 ----a-r- c:\users\Loch\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-25 12:18 . 2011-11-07 19:23 2701696 ----a-w- c:\programdata\UpdateKPNAssistent.exe

2011-10-14 11:27 . 2011-06-04 08:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 03:06 . 2010-05-16 15:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-29 16:29 . 2011-11-08 20:03 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-21_18.38.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-12-21 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-12-21 19:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-12-21 18:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-21 19:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-21 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-21 19:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-10 12:26 . 2011-12-21 18:47 15928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-21 19:27 22822 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-05-10 12:12 . 2011-12-21 19:27 29938 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2470778596-1899047671-4230289399-1000_UserData.bin

+ 2009-07-14 04:46 . 2011-12-21 18:52 91600 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-05-31 19:15 . 2011-12-21 18:44 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-12-21 19:25 . 2011-12-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-21 18:36 . 2011-12-21 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-21 19:25 . 2011-12-21 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-21 18:36 . 2011-12-21 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-15 19:26 . 2011-12-21 18:35 516104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-11-15 19:26 . 2011-12-21 19:24 516104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-12-21 19:24 315712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-12-21 18:35 315712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:45 . 2011-12-21 18:40 7149840 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-12-20 18:54 7149840 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2010-11-04 18:14 . 2011-12-21 18:35 6717124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2470778596-1899047671-4230289399-1000-8192.dat

+ 2010-11-04 18:14 . 2011-12-21 19:24 6717124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2470778596-1899047671-4230289399-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]

R3 cpuz135;cpuz135;c:\users\Loch\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

R3 dump_wmimmc;dump_wmimmc;d:\prius\gPotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2010-06-14 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 136176]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 speccy;speccy;c:\users\Loch\AppData\Local\Temp\5fbf5539-4691-46d1-9058-4d9218b80230 [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 18:24]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 18:24]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470778596-1899047671-4230289399-1000Core.job

- c:\users\Loch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 11:34]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470778596-1899047671-4230289399-1000UA.job

- c:\users\Loch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 11:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]

"combofix"="c:\combofix\CF29426.3XE" [2010-11-20 345088]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Add animation to IncrediMail Style Box - c:\program files (x86)\IncrediMail\bin\resources\WebMenuImg.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download alles met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Download selectie met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video met Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

TCP: DhcpNameServer = 192.168.23.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Loch\AppData\Roaming\Mozilla\Firefox\Profiles\05bp2mxe.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=6PPRtFKFRo&search=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\speccy]

"ImagePath"="\??\c:\users\Loch\AppData\Local\Temp\5fbf5539-4691-46d1-9058-4d9218b80230"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\FsUsbExService.Exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

.

**************************************************************************

.

Voltooingstijd: 2011-12-21 20:47:11 - machine werd herstart

ComboFix-quarantined-files.txt 2011-12-21 19:47

ComboFix2.txt 2011-12-21 18:43

.

Pre-Run: 112.944.386.048 bytes beschikbaar

Post-Run: 112.700.203.008 bytes beschikbaar

.

- - End Of File - - FDA428BAE1C1CB4F9A8C86FD59C7BEF0
